Set a cookie based on a form

As we know, in network words, a cookie is a special information, although only the Server stored in the user's computer on a text file, but due to its content of unusual sexual(and the server has some interactive sex, and often will store the user name and even password, or other sensitive information, for example, in the Arena or in some communities, often will use a cookie to save the user set points, level, etc.). Thus become some Master of concern for image, thereby to obtain special privileges, and even capture entire web site. Himself out of some book to the java script of cookie application, to say that the preliminary description of the cookie to deceive the implementation process and the specific application. **A cookie to establish ** In speaking how to build a cookie before, we first look at a cookie the basic format: cookiename+cookievalue;expire=expirationdategmt;path=urlpath;domain=sitedomain Wherein each of the entries in order;to separate, the first is to specify the cookie name and its assigned value. Next are the cookie expiration date, url path as well as domain name, in this several In, In addition to the first outside, the other parts are for the first item. Below we look at a piece of code, look at the cookie exactly how to build: | The The The Set a cookie based on a form --- This is a simple to build cookie script. 1． --- The above is a period of reading the cookie name and the value of the script. The above-explained statement in this little repeat them, and see what new syntax: 1． thisCookie = documents . cookie. split("; ")[note: not previously appeared in the split ("=") it. split("; ")can produce an array of results, the present sentence, by documents . cookie. split("; ")to get the cookie value, and this array assignment ribbon variable: thisCookie in. 2． for (i=0; i Set the calculator value of the variable i to 0 if its value is less than thisCookie. length(thisCookie the number of values in), i is incremented by 1. 3． document. write("Cookie name is ’"+thisCookie. split("=")[0]) This sentence thisCookie. split("=")[0]is more difficult to understand, the script above, thiscookie has been assigned a value as an array of values, then thisCookie is the index set of the i-th value, which is the i-th cookie, and by the above split("=")[0]refers to the cookie name. Such thisCookie. split("=")[0]is the i-cookie in the cookie name! 4． document. write("’, and the value is ’"+thisCookie. split("=")[1] With 3 very similar, that is, the i-th cookie in the cookie value. At this point, we are already familiar with how to set up the cookie and it read. These is also a cookie spoofing also need the main technical!**Third, the cookie trick to achieve ** To do the cookie trick, the most important is to understand the target cookie in the stored value case, and try to change it. From the above study we know that cookie-based formats, in General, only in a Cookie. split("=")[0]and Cookies. split("=")[1]in value to us is useful. That is only need to change these two, or at the value you can achieve our purpose. But in the actual operation, also need to solve another problem. Due to the browser's internal cookie mechanism, each cookie can only be its original servers access! Can we The total can not run to people on the server operation! Here we need a little trick. In the above we have mentioned the cookie format, the final two items are it the url path and domain name. Not difficult to think, the server cookie identifying the rely on this! And in peacetime, we want to browse a website, the input of the url is its domain name, need to go through the domain name Management System dns to be converted to an IP address after connecting. This one will have one when empty. If the dns tricks on, put the target domain name, the IP address corresponding to the other site, we can illicit access to the target site's cookies! Do this is not difficult, of course I'm not not going to manipulate the dns, and that is also impossible to do. In win9 under the installation directory, one named hosts. sam of file in text mode after opening will see this format: 127.0.0.1 lockhost #comments Using it, we can achieve domain name resolution localization! And its priority is higher than the network dns! Specific use, simply IP and domain name follow the above format to add, and save as hosts. (Note: this file without the superfluous name, not the hosts. the sam file itself!) At this point, the cookie trick is required, so knowledge already available. Following a“fake”example to show you how to get into the combat. (Inconvenience given real address, so as not to cause offence!~~~: P) Assuming that the target site is www.xxx.com www.self.com 是自己的站点 the. (Can be used to store the deception objective desired file, used to read and modify each other's cookies.) First ping the www. self. com IP address: ping www.self.com Reply from 12.34.56.78: bytes=3 2 time=20ms TTL=2 4 4 And then modify the hosts. the sam file is as follows: 12.34.56.78 www.xxx.com And save it as hosts. 将用来读取 cookie 的页面传至 www.self.com(script such as the two shown). 此时连上 www.xxx.com the. Since we have been to the hosts manipulated, 这时来到的并不是www.xxx.com that 而是 www.self.com www.xxx.com 设在本地的 cookie 便可被读出!~~: D Then according to the specific circumstances to modify a script, using the same method, to this the cookie data is written. Modification is completed, delete the hosts file 再重新进入 www.xxx.com this case has been done, you can enjoy your hack results a!~~~:) **Integrated** cookie spoofing is a discovery of the earlier, and more difficult to use the hack technique, except for java script can be outside the control, asp and the like can also be used to feed into the settings. So in this statement, not necessarily to all sites. But the technology is real, without a doubt! Added: in win2000 in the hosts file of the build with win98, c:\winnt\system32\drivers\etc folder, create!

Enter your name:

Query Builder